Sunday 30 June 2013

Delegate Permissions for Group Policy

TechNet: Delegate Permissions for Group Policy

Redirecting the users and computers containers

By default Active Directory places user accounts, computer accounts, and groups in CN=objectclass containers.

Redirecting the default container for users, computers, and security groups to an organizational unit permits Group Policy to be applied to them, because GPOs can be linked to OUs but not to the default CN= containers.

Microsoft considers it "best practice" to place security principals into an organizational unit hierarchy that mirrors your organizational structure, geographic layout, or administration model.

Redirect Users

redirusr <DN path to alternate OU>

redirusr ou=myusers,DC=contoso,dc=com

Redirect Computers

redircmp <DN path to alternate OU>

redircmp ou=mycomputers,DC=contoso,dc=com

Redirecting the users and computers containers in Active Directory domains

Considerations

Windows Server 2003 domain functional level or higher required.

The default Users and Computers containers are protected against accidental deletion; remember to ensure that you do the same with your new OUs.
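
To confirm that the redirect took effect and that the new OUs carry the same deletion protection, a check like the one below can be run afterwards. It is an added example, not from the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is available, and it only reads from the directory.

```powershell
# Added example: verify the default-container redirect and deletion protection.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Get-ADDomain reports where new users and computers currently land.
$defaults = @(
    @{ Kind = 'Users';     DN = $domain.UsersContainer },
    @{ Kind = 'Computers'; DN = $domain.ComputersContainer }
)

foreach ($entry in $defaults) {
    $obj = Get-ADObject -Identity $entry.DN -Properties ProtectedFromAccidentalDeletion

    $report = New-Object PSObject -Property @{
        Default    = $entry.Kind
        Location   = $obj.DistinguishedName
        # A plain container (CN=Users / CN=Computers) means no redirect is in place.
        Redirected = ($obj.ObjectClass -eq 'organizationalUnit')
        Protected  = [bool]$obj.ProtectedFromAccidentalDeletion
    }
    $report | Select-Object Default, Location, Redirected, Protected

    if ($report.Redirected -and -not $report.Protected) {
        Write-Warning "$($entry.DN) is not protected from accidental deletion."
        # To fix: Set-ADObject -Identity $entry.DN -ProtectedFromAccidentalDeletion $true
    }
}
```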

Friday 28 June 2013

User Template increase attributes copied

When you create a user template and copy it to create a new user, only a limited number of attributes are copied.

Example: Copy Office From the General tab

Suppose you have a user template and want the Office value from the general tab to remain when you create a new user by copying the template.

You can use ADSI Edit to make the attribute copy.

  • Open ADSI Edit
  • In the left pane, right-click ADSI Edit, choose Connect To, and select the Schema naming context

  • Locate the attribute name; in this case Office is:
    Physical-Delivery-Office-Name
  • Right Click and open Properties

  • Attribute Editor Tab … locate searchFlags
  • Edit and add 16 to the value
  • To prevent it from copying remove 16 from the value.
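
searchFlags is a bit field, so "add 16" really means "set bit 16" without disturbing the other flags on the attribute. The script below is an added example (not from the original post or the KB article) that reads the current value, decodes it, and sets or clears only the copy bit; it assumes the ActiveDirectory PowerShell module and, for the write, Schema Admins rights.

```powershell
# Added example: inspect and toggle the "copy" bit of searchFlags.
Import-Module ActiveDirectory

$CopyBit  = 0x10    # 16: value is copied when the user object is copied
$wantCopy = $true   # set to $false to stop the attribute being copied

# searchFlags is a bit field; 16 is only one of its bits.
$bitNames = @{
    1   = 'Indexed'
    2   = 'Indexed per container'
    4   = 'Ambiguous name resolution (ANR)'
    8   = 'Preserved on tombstone'
    16  = 'Copied with user object'
    32  = 'Tuple index'
    64  = 'Subtree index'
    128 = 'Confidential'
}

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$master   = (Get-ADForest).SchemaMaster      # schema changes go to the schema master
$dn       = "CN=Physical-Delivery-Office-Name,$schemaNC"

$attr    = Get-ADObject -Identity $dn -Server $master -Properties searchFlags
$current = [int]$attr.searchFlags            # an unset attribute reads as 0

"Current searchFlags: $current"
$bitNames.Keys | Sort-Object | Where-Object { $current -band $_ } |
    ForEach-Object { "  bit {0,3}: {1}" -f $_, $bitNames[$_] }

# -bor / -band give the same result whether or not the bit was already set,
# which plain addition or subtraction does not.
$target = if ($wantCopy) { $current -bor $CopyBit }
          else           { $current -band (-bnot $CopyBit) }

if ($target -ne $current) {
    # Remove -WhatIf to apply the change.
    Set-ADObject -Identity $dn -Server $master -Replace @{ searchFlags = $target } -WhatIf
} else {
    "No change needed."
}
```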

I have tested with Windows 2008 R2 as shown, but I am certain it should work with previous versions, as I learned it from a Windows 2000 KB article.

Where do you get the attribute names … I found some here.

http://www.jigsolving.com/ad/user-account-attributes-part-3

http://www.kouti.com/tables/userattributes.htm

Tuesday 25 June 2013

Command-line switches for Outlook 2010

Command-line switches for Outlook 2010

Ultrasound - File Replication Service

Ultrasound - Monitoring and Troubleshooting Tool for File Replication Service (FRS)

Ultrasound is a monitoring and troubleshooting tool for the File Replication Service (FRS). FRS is a legacy technology that replicates files and folders that are stored in Distributed File System (DFS) folders or in the System Volume (SYSVOL) folder on domain controllers.

Microsoft: download

Sunday 23 June 2013

Friday 21 June 2013

Active Directory Shadow Groups

Simply: You have an OU in Active Directory … you add any user accounts in the OU to a group … and in addition you want to maintain the membership when accounts are added to or removed from the OU.

The following link includes examples using the ds* commands and PowerShell to populate and maintain Shadow Groups.

Shadow Groups in Active Directory

It should be possible to expand these examples to include the user accounts from other OUs or to use Identity Attributes rather than OU.
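
A shadow group only stays trustworthy if removals are handled as well as additions, otherwise an account moved out of the OU keeps whatever the group grants. The following is an added example, not taken from the linked article; it assumes the ActiveDirectory PowerShell module, and the group DN is a hypothetical name.

```powershell
# Added example: keep a shadow group in step with the direct user members of an OU.
Import-Module ActiveDirectory

$ou    = 'OU=myusers,DC=contoso,DC=com'                     # OU to shadow
$group = 'CN=Shadow-myusers,OU=Groups,DC=contoso,DC=com'    # hypothetical group DN

# Users directly in the OU (OneLevel: child OUs are not included).
$inOu = @(Get-ADUser -SearchBase $ou -SearchScope OneLevel -Filter * |
          Select-Object -ExpandProperty DistinguishedName)

# Current user members of the group; nested groups and computers are left alone.
$inGroup = @(Get-ADGroupMember -Identity $group |
             Where-Object { $_.objectClass -eq 'user' } |
             Select-Object -ExpandProperty DistinguishedName)

$toAdd    = @($inOu    | Where-Object { $inGroup -notcontains $_ })
$toRemove = @($inGroup | Where-Object { $inOu    -notcontains $_ })

# Log every change so membership drift can be reviewed later.
$toAdd    | ForEach-Object { "ADD    $_" }
$toRemove | ForEach-Object { "REMOVE $_" }

# Remove -WhatIf to apply the changes.
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $group -Members $toAdd -WhatIf
}
if ($toRemove.Count -gt 0) {
    Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false -WhatIf
}
```

Run on a schedule, this keeps the group aligned with the OU; changing the `Get-ADUser` filter is where an attribute-based variant would differ.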

Tuesday 18 June 2013

Tuesday 11 June 2013

PowerShell determine what version is installed

What version of PowerShell is installed on a machine

Open PowerShell and type Get-Host

Windows 7 – version 2.0

Windows 8 – version 3.0

http://technet.microsoft.com/en-us/library/bb978526.aspx

Sunday 9 June 2013

Update GPO templates to manage Windows 8

You’ve added some Windows 8 PCs and possibly Windows Server 2012 to your existing Windows Server 2008 R2 enterprise … okay, so how do you access the additional features with Group Policy?

Looking at a Group Policy setting in Windows 8 (Windows 8 GPO Blocking Connection Accounts) … I got to thinking … I’m doing this from Windows Server 2012 … more realistically I will be adding Windows 8 machines to a Windows Server 2008 environment.

How do I update the group policy template files?

My only caveat … I have still to do the testing … will the new templates work with the old admin tools?

Windows 7, Windows Server 2008 R2 Group Policy Central Store

Administrative Template files for Windows 8 & Windows Server 2012

Upgrading the ADMX Central Store files from Windows 7/2008R2 to Windows 8/2012

Windows 8 GPO Blocking Connection Accounts

In Windows 8 you can associate your domain user account with your Microsoft Live ID. Not something that the enterprise would necessarily welcome ... so how do you disable it?

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts

If you disable or do not configure this policy, users will be able to use Microsoft accounts.

If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is Microsoft's preferred option if you need to limit the use of Microsoft accounts in your enterprise.

If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.

I would expect the latter option to be the case in a Windows 2008 / Windows Server 2012 enterprise.

Saturday 8 June 2013

Enable GodMode in Windows 7 and Windows 8

Want all your admin features in one place? Really useful if you are transitioning from Windows 7 to Windows 8. I think it has been around since Windows Vista.

Create a folder on your desktop and rename it

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Your folder will be renamed GodMode and inside will be all the good stuff an Admin God would want.

[Screenshots: GodMode folder in Windows 7 and in Windows 8]

Windows 8 elevated command prompt

Working with Windows 7 I found the quick way to an elevated administrator's command prompt was Windows key + R to open the Run box, type cmd, then press Ctrl+Shift+Enter. In fact I used this method for most things I wanted to run as administrator.

This method does NOT appear to work with Windows 8 … this is where the Windows 8 haters start to scream … but the solution is as simple.

There are several ways to open an elevated command prompt in Windows 8; my preferred method from the Desktop is:

Press the Windows key to return to the start screen.

Type cmd

Command Prompt will return already selected

You now press Ctrl+Shift+Enter

Say yes to the UAC prompt

You are returned to the desktop with an elevated command prompt in no more time than it took in Windows 7.

It would be nice for the transition from 7 to 8 if Windows Key + R then Ctrl+Shift+Enter worked or did I miss the memo and it should!!!

Extending - rearming Windows 8 Evaluation

To extend the grace period of your Windows 8 evaluation open an elevated command prompt and enter

slmgr /rearm

This extends your evaluation for a further 30 days.

It can be rearmed 3 times, in theory extending your trial by 90 days.

Enable/Disable Store in Windows 8 Group Policy

Quick Guide

Local Group Policy Editor (run gpedit.msc)

User Configuration\Administrative Templates\Windows Components

Store

Turn off the Store application

In Detail

Press Windows Key + R to open the Run box

enter gpedit.msc (don’t forget the file extension)

This will open the Local Group Policy Editor

In the left pane, under User Configuration, expand Administrative Templates, then Windows Components

Still in the left pane under Windows Components Select Store

In the right pane, open (double-click) Turn off the Store application

By default the Store is enabled

To disable the store you must Enable this policy option

Select the Enabled radio button and press OK

To enable the store select Disabled or Not Configured

There is no save option; just close the Group Policy editor